Monday, August 20, 2007

Length of SQL strings

If you are using SQL to record actions and log errors, make sure to validate the length of all inputs before inserting them into the database. If hackers can pass in a string that is too long, they can cause an insert error, and that error can allow their actions to bypass the logging functions that write to the database.
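The failure mode described above, next to one way to guard against it, as an added example that is not code from the original post. It assumes a hypothetical `audit_log` table with a 64-character limit on `detail` (modelled with an SQLite CHECK constraint); the table, column and function names are invented for illustration.

```python
import sqlite3

MAX_DETAIL = 64  # assumed column limit for this example


def open_log_db():
    # In-memory database. The CHECK constraint stands in for a strict
    # VARCHAR(64) column that rejects over-long values with an error.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE audit_log ("
        " id INTEGER PRIMARY KEY,"
        " actor TEXT NOT NULL,"
        f" detail TEXT NOT NULL CHECK (length(detail) <= {MAX_DETAIL}),"
        " truncated INTEGER NOT NULL DEFAULT 0)"
    )
    return db


def log_naive(db, actor, detail):
    # Weak pattern: an over-long value makes the INSERT fail, the error is
    # swallowed so the request can continue, and no audit row is written.
    try:
        db.execute(
            "INSERT INTO audit_log (actor, detail) VALUES (?, ?)",
            (actor, detail),
        )
        db.commit()
        return True
    except sqlite3.IntegrityError:
        return False


def log_validated(db, actor, detail):
    # Hardened pattern: check the length before the INSERT, store a bounded
    # value, and flag the truncation so the oversized input is itself logged.
    truncated = len(detail) > MAX_DETAIL
    db.execute(
        "INSERT INTO audit_log (actor, detail, truncated) VALUES (?, ?, ?)",
        (actor, detail[:MAX_DETAIL], int(truncated)),
    )
    db.commit()
    return truncated


def count_rows(db):
    return db.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0]
```

Rejecting the request outright when the input is too long is an equally valid policy; what matters is that the length check happens before the insert and that an oversized value never results in a missing log entry.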